PT-2016-6522 · Apache+1 · Netbeans+1

Hyp3Rlinx +1 · Published 2016-10-25 · Updated 2018-10-09 · CVE-2016-5537

CVSS v3.1: 5.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Oracle Fusion Middleware 8.1

Description

The issue affects confidentiality, integrity, and availability. It is reportedly related to a directory traversal vulnerability, which may allow local users with certain permissions to write to arbitrary files and gain privileges by using a .. (dot dot) in a ZIP file imported as a project.

Recommendations

For Oracle Fusion Middleware 8.1, consider restricting access to the NetBeans component until a fix is available. As a temporary workaround, avoid importing ZIP files as projects that may contain malicious archive entries.
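
A pre-import check in the spirit of the workaround above, as an added example that is not part of the original advisory or of NetBeans: it lists ZIP entries whose names would resolve outside the extraction root. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive):
    """Return the names of entries that would land outside the extraction root."""
    flagged = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # ZIP names use '/', but treat '\' as a separator too, because
            # some extractors honour it on Windows.
            name = info.filename.replace("\\", "/")
            normalized = posixpath.normpath(name)
            # Absolute paths and drive-letter paths ignore the root entirely.
            absolute = name.startswith("/") or (len(name) > 1 and name[1] == ":")
            # After collapsing '.' and '..', a leading '..' means the entry
            # climbs above the directory the archive is unpacked into.
            escapes = normalized == ".." or normalized.startswith("../")
            if absolute or escapes:
                flagged.append(info.filename)
    return flagged


def constructed_sample():
    """Build a small in-memory project archive (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/build.xml", "<project/>")
        # Contains '..' but still resolves inside demo/, so it is not flagged.
        zf.writestr("demo/src/../nbproject/project.xml", "<project/>")
        # Resolves to ../outside.txt, one level above the extraction root.
        zf.writestr("demo/../../outside.txt", "constructed")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_entries(constructed_sample()):
        print("do not import, entry escapes the project root:", entry)
```
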

Related Identifiers

CVE-2016-5537

Affected Products

Netbeans
Oracle Fusion Middleware